In late March, photos began appearing online from FBI Director Kash Patel’s past. One photo showed him with a cigar in his mouth. In another, he’s holding a baby.
The photos were released as part of a cyberattack on Patel’s personal email that exposed more than 300 messages dated between 2010 and 2019, as well as a work resumé and travel documents. The Iran-linked and pro-Palestinian hacker group Handala Hack Team claimed responsibility for the attack.
Targeting high-profile figures like Patel is part of Iran’s larger war strategy to sow disruption in the U.S. and Israel, according to experts.
Handala’s attack against Stryker on March 11 put the medical technology company’s 56,000 employees operating in 61 countries at a standstill, while order processing, manufacturing, and shipping were halted. The company was not fully operational for three weeks following the attack, which it reported had a material impact on its first-quarter earnings.
Earlier this week, the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Department of Energy issued a joint advisory, warning Iran-backed hackers were targeting critical infrastructure, including water and power plants.
The agencies did not name specific targets but said that the hacks were intended to “cause disruptive effects” and had already led to “operational disruption and financial loss.”
The warning is a signal to the private sector in particular to take this threat seriously, as it operates most of the U.S. critical infrastructure, said Nikita Shah, a senior fellow at the Center for Strategic and International Studies, who worked as a national security official in the U.K. government for 10 years.
In addition to the water and energy sectors, the tourism industry is another likely target, she added, with disruption caused by defacing an airline’s website, for example.
Instead of providing a military advantage for Iran, such low-level attacks on citizens and organizations are meant to cause friction and inflict costs in the hope that they will put pressure on governments to rethink any participation in the war, Shah told Fortune.
“What they’re trying to do is go after low-hanging fruit, so things that will seem very sophisticated on the outside, but from a technical perspective, when you look into it, actually, they’re not especially sophisticated,” she said.
How Iran-backed hackers find their targets
In March, Iran’s Islamic Revolutionary Guard Corps published a list of potential office and infrastructure targets in the Middle East run by U.S. companies, including Google, Microsoft, Palantir, IBM, Nvidia, and Oracle.
But cyberattacks could hit much closer to home, said Robert Olsen, chief operating officer and managing director of cybersecurity firm Hilco Global Cyber Advisors.
“If the ultimate goal, in this case of Iranian-sponsored threat actors, is to instill terror and uncertainty in the American population, there’s no better way to do that than through critical infrastructure attacks because it truly touches everyone’s lives in some way, shape, or form,” he told Fortune. “It becomes very personal when the local water system goes down.”
Iranian hackers are not running highly complex attacks, he said, but rather taking advantage of companies’ vulnerabilities. In the case of one attack that exposed nearly 3,900 U.S. devices, the hackers took advantage of an open port on a physical piece of equipment, which Olsen said is akin to using an open window to get into somebody’s house.
“The challenge is organizations have to be pretty much perfect when it comes to all of the different aspects of building an effective security program,” he said. “The threat actors only have to be lucky once.”
Cyberattacks have also become much easier in recent years, Olsen pointed out. A hack that would’ve required a PhD level of knowledge years ago can be easily executed due to developers simplifying their technology. Now, AI is accelerating the access and scale of cyberattacks, he said.
The Iranian strategy: Projecting power
In addition to cyberattacks, Iran is engaging in “information warfare,” by posting fake videos on social media as a means to project power in place of traditional military capabilities that have been decimated, Shah said.
Gen. Dan Caine, chairman of the Joint Chiefs of Staff, said this week that the U.S. military has hit more than 13,000 targets and has destroyed 80% of Iran’s air defense systems.
Shah said while the cyberattacks may have little effect on military outcomes, more attacks are likely coming.
“[It] very much depends on [Iranian] internet capacity, but we should definitely expect to see more targeting of companies or organizations that belong to countries participating in this conflict, because in many ways, the collateral damage is the point,” she said.